### Variable overrides

# You can change many aspects of the build behaviour without modifying this
# make file simply by setting environment variables.
#
# Dependencies and features are auto-detected, but can be overridden:
#
# OPENSSL_BASE	Prefix of OpenSSL library and headers to build against
# LIBEVENT_BASE	Prefix of libevent library and headers to build against
# LIBPCAP_BASE	Prefix of libpcap library and headers to build against
# LIBNET_BASE	Prefix of libnet library and headers to build against
# SQLITE_BASE	Prefix of sqlite3 library and headers to build against
# CHECK_BASE	Prefix of check library and headers to build against (optional)
# PKGCONFIG	Name/path of pkg-config program to use for auto-detection
# PCFLAGS	Additional pkg-config flags
# XNU_VERSION	Version of included XNU headers to build against (OS X only)
# FEATURES	Enable optional or force-enable undetected features (see below)
#
# Where and how to install to:
#
# PREFIX	Prefix to install under (default /usr/local)
# DESTDIR	Destination root under which prefix is located (default /)
# MANDIR	Subdir of PREFIX that contains man section dirs
# INSTALLUID	UID to use for installed files if installing as root
# INSTALLGID	GID to use for installed files if installing as root
#
# Standard compiler variables are respected, e.g.:
#
# CC		Compiler, e.g. for cross-compiling, ccache or ccc-analyzer
# CFLAGS	Additional compiler flags, e.g. optimization flags
# CPPFLAGS	Additional pre-processor flags
# LDFLAGS	Additional linker flags
# LIBS		Additional libraries to link against
# SOURCE_DATE_EPOCH	Set to epoch time to make the build reproducible
#
# On macOS, the following build environment variables are respected:
#
# DEVELOPER_DIR		Override Xcode Command Line Developer Tools directory
# MACOSX_VERSION_MIN	Minimal version of macOS to target, e.g. 10.11
# SDK			SDK name to build against, e.g. macosx, macosx10.11
#
# Examples:
#
# Build against custom installed libraries under /opt:
# % OPENSSL_BASE=/opt/openssl LIBEVENT_BASE=/opt/libevent make
#
# Create a statically linked binary:
# % PCFLAGS='--static' CFLAGS='-static' LDFLAGS='-static' make
#
# Build against musl libc that needs an additional library for fts(3):
# % LIBS='-lfts' make
#
# Build a macOS binary for El Capitan using the default SDK from Xcode 7.3.1:
# % MACOSX_VERSION_MIN=10.11 DEVELOPER_DIR=/Applications/Xcode-7.3.1.app/Contents/Developer make


### Mirroring

# Define to disable support for mirroring connection content as emulated
# packets to a network interface (-I/-T options).  Doing so will remove the
# dependency on both libnet and libpcap.  Use this for constrained environments
# or on platforms without usable libnet/libpcap.  Logging connection content to
# PCAP files will remain fully functional (-X/-Y/-y options) as it does not
# make use of libnet and libpcap.
#FEATURES+=	-DWITHOUT_MIRROR


### OpenSSL tweaking

# Define to enable support for SSLv2.
# Default since 0.4.9 is to disable SSLv2 entirely even if OpenSSL supports it,
# since there are servers that are not compatible with SSLv2 Client Hello
# messages.  If you build in SSLv2 support, you can disable it at runtime using
# -R ssl2 to get the same result as not building in SSLv2 support at all.
#FEATURES+=	-DWITH_SSLV2


### User Authentication

# Define to disable support for user authentication.
# Doing so will remove the dependency on sqlite.
#FEATURES+=	-DWITHOUT_USERAUTH


### Debugging

# These flags are added to CFLAGS iff building from a git repo.
DEBUG_CFLAGS?=	-g
#DEBUG_CFLAGS+=	-Werror

# Define to remove false positives when debugging memory allocation.
# Note that you probably want to build OpenSSL with -DPURIFY too.
#FEATURES+=	-DPURIFY

# Define to add proxy state machine debugging; dump state in debug mode.
#FEATURES+=	-DDEBUG_PROXY

# Define to add certificate debugging; dump all certificates in debug mode.
#FEATURES+=	-DDEBUG_CERTIFICATE

# Define to add SSL session cache debugging; dump all sessions in debug mode.
#FEATURES+=	-DDEBUG_SESSION_CACHE

# Define to add debugging of sslsplit's own ClientHello message parser.
#FEATURES+=	-DDEBUG_CLIENTHELLO_PARSER

# Define to add thread debugging; dump thread state when choosing a thread.
#FEATURES+=	-DDEBUG_THREAD

# Define to add privilege separation server event loop debugging.
#FEATURES+=	-DDEBUG_PRIVSEP_SERVER

# Define to add diagnostic output for debugging option parsing.
#FEATURES+=	-DDEBUG_OPTS

# When debugging OpenSSL related issues, make sure you use a debug build of
# OpenSSL and consider enabling its debugging options -DREF_PRINT -DREF_CHECK
# for debugging reference counting of OpenSSL objects and/or
# -DPURIFY for using valgrind and similar tools.


### Mac OS X header selection

# First, try to use the exact XNU version reported by the kernel.  If they
# are not available, try to look up a suitable XNU version that we have
# headers for based on the OS X release reported by sw_vers.  Then as a last
# resort, fall back to the latest version of XNU that we have headers for,
# which may or may not work, depending on if there were API or ABI changes
# in the DIOCNATLOOK ioctl interface to the NAT state table in the kernel.
#
# Note that you can override the XNU headers used by defining XNU_VERSION.

ifndef PROJECT_ROOT
$(error PROJECT_ROOT not defined)
endif

ifeq ($(shell uname),Darwin)
include $(PROJECT_ROOT)/Mk/xcode.mk
ifneq ($(wildcard /usr/include/libproc.h),)
FEATURES+=	-DHAVE_DARWIN_LIBPROC
endif
OSX_VERSION=	$(shell sw_vers -productVersion)
ifneq ($(XNU_VERSION),)
XNU_METHOD=	override
XNU_HAVE=	$(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//')
else
XNU_METHOD=	uname
XNU_VERSION=	$(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//')
XNU_HAVE:=	$(XNU_VERSION)
endif
ifeq ($(wildcard xnu/xnu-$(XNU_VERSION)),)
XNU_METHOD=	sw_vers
XNU_VERSION=	$(shell awk '/^XNU_RELS.*\# $(OSX_VERSION)$$/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile)
endif
ifeq ($(wildcard xnu/xnu-$(XNU_VERSION)),)
XNU_METHOD=	fallback
XNU_VERSION=	$(shell awk '/^XNU_RELS/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile|tail -1)
endif
ifneq ($(wildcard xnu/xnu-$(XNU_VERSION)),)
FEATURES+=	-DHAVE_PF
PKG_CPPFLAGS+=	-I$(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)
BUILD_INFO+=	OSX:$(OSX_VERSION) XNU:$(XNU_VERSION):$(XNU_METHOD):$(XNU_HAVE)
endif
endif


### Autodetected features

# Autodetect pf
ifneq ($(wildcard /usr/include/net/pfvar.h),)
FEATURES+=	-DHAVE_PF
# OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf
FEATURES+=	-DHAVE_IPFW
endif

# Autodetect ipfw
ifneq ($(wildcard /sbin/ipfw),)
FEATURES+=	-DHAVE_IPFW
endif

# Autodetect ipfilter
ifneq ($(wildcard /usr/include/netinet/ip_fil.h),)
FEATURES+=	-DHAVE_IPFILTER
endif

# Autodetect netfilter
ifneq ($(wildcard /usr/include/linux/netfilter.h),)
FEATURES+=	-DHAVE_NETFILTER
endif


### Variables you might need to override

PREFIX?=	/usr/local
MANDIR?=	share/man
EXAMPLESDIR?=	share/examples

INSTALLUID?=	0
INSTALLGID?=	0
BINUID?=	$(INSTALLUID)
BINGID?=	$(INSTALLGID)
BINMODE?=	0755
CNFUID?=	$(INSTALLUID)
CNFGID?=	$(INSTALLGID)
CNFMODE?=	0644
MANUID?=	$(INSTALLUID)
MANGID?=	$(INSTALLGID)
MANMODE?=	0644
EXAMPLESMODE?=	0444
ifeq ($(shell id -u),0)
BINOWNERFLAGS?=	-o $(BINUID) -g $(BINGID)
CNFOWNERFLAGS?=	-o $(CNFUID) -g $(CNFGID)
MANOWNERFLAGS?=	-o $(MANUID) -g $(MANGID)
else
BINOWNERFLAGS?=	
CNFOWNERFLAGS?=	
MANOWNERFLAGS?=	
endif

OPENSSL?=	openssl
PKGCONFIG?=	$(shell command -v pkg-config||echo false)
ifeq ($(PKGCONFIG),false)
$(warning pkg-config not found - guessing paths/flags for dependencies)
endif

BASENAME?=	basename
CAT?=		cat
CHECKNR?=	checknr
CUT?=		cut
GREP?=		grep
INSTALL?=	install
MKDIR?=		mkdir
SED?=		sed
SORT?=		sort


### Variables only used for developer targets

KHASH_URL?=	https://github.com/attractivechaos/klib/raw/master/khash.h
GPGSIGNKEY?=	0xE1520675375F5E35

CPPCHECK?=	cppcheck
GPG?=		gpg
GIT?=		git
WGET?=		wget

ZIP?=		gzip
COL?=		col
LN?=		ln
MAN?=		man
TAR?=		tar
# TODO: RM defaults to rm -f causing multiple -f options, should we override it?
#RM=		rm


### You should not need to touch anything below this line

SRCDIR:=	src

PKGLABEL:=	SSLproxy
PKGNAME:=	sslproxy
TARGET:=	$(PKGNAME)
FEATURES:=	$(sort $(FEATURES))

include $(PROJECT_ROOT)/Mk/buildinfo.mk
VERSION:=	$(BUILD_VERSION)
ifdef GITDIR
CFLAGS+=	$(DEBUG_CFLAGS)
endif

# Autodetect dependencies known to pkg-config
PKGS:=		
ifndef OPENSSL_BASE
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists openssl \
		&& echo openssl)
endif
ifndef LIBEVENT_BASE
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent \
		&& echo libevent)
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_openssl \
		&& echo libevent_openssl)
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_pthreads \
		&& echo libevent_pthreads)
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifndef LIBPCAP_BASE
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists libpcap \
		&& echo libpcap)
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifndef SQLITE_BASE
PKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists sqlite3 \
		&& echo sqlite3)
endif
endif
TPKGS:=		
ifndef CHECK_BASE
TPKGS+=		$(shell $(PKGCONFIG) $(PCFLAGS) --exists check \
		&& echo check)
endif

# Function: Generate list of base paths to search when locating packages
# $1 packagename
bases=		/usr/local/opt/$(1) \
		/opt/local \
		/usr/local \
		/usr

# Function: Locate base path for a package we depend on
# $1 packagename, $2 pattern suffix, $3 override path(s)
locate=		$(subst /$(2),,$(word 1,$(wildcard \
		$(addsuffix /$(2),$(if $(3),$(3),$(call bases,$(1)))))))

# Autodetect dependencies not known to pkg-config
ifeq (,$(filter openssl,$(PKGS)))
OPENSSL_FOUND:=	$(call locate,openssl,include/openssl/ssl.h,$(OPENSSL_BASE))
OPENSSL:=	$(OPENSSL_FOUND)/bin/openssl
ifndef OPENSSL_FOUND
$(error dependency 'OpenSSL' not found; \
	install it or point OPENSSL_BASE to base path)
endif
endif
ifeq (,$(filter libevent,$(PKGS)))
LIBEVENT_FOUND:=$(call locate,libevent,include/event2/event.h,$(LIBEVENT_BASE))
ifndef LIBEVENT_FOUND
$(error dependency 'libevent 2.x' not found; \
	install it or point LIBEVENT_BASE to base path)
endif
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifeq (,$(filter libpcap,$(PKGS)))
LIBPCAP_FOUND:=	$(call locate,libpcap,include/pcap.h,$(LIBPCAP_BASE))
ifndef LIBPCAP_FOUND
$(error dependency 'libpcap' not found; \
	install it or point LIBPCAP_BASE to base path)
endif
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifeq (,$(filter sqlite3,$(PKGS)))
SQLITE_FOUND:=$(call locate,sqlite3,include/sqlite3.h,$(SQLITE_BASE))
ifndef SQLITE_FOUND
$(error dependency 'SQLite3' not found; \
	install it or point SQLITE_BASE to base path)
endif
endif
endif
ifeq (,$(filter check,$(TPKGS)))
CHECK_FOUND:=	$(call locate,check,include/check.h,$(CHECK_BASE))
ifndef CHECK_FOUND
CHECK_MISSING:=	1
endif
endif

# Always search filesystem for libnet because libnet-config is unreliable
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
LIBNET_FOUND:=	$(call locate,libnet,include/libnet-1.1/libnet.h,$(LIBNET_BASE))
ifdef LIBNET_FOUND
LIBNET_FOUND_INC:=	$(LIBNET_FOUND)/include/libnet-1.1
else
LIBNET_FOUND:=	$(call locate,libnet,include/libnet.h,$(LIBNET_BASE))
LIBNET_FOUND_INC:=	$(LIBNET_FOUND)/include
endif
ifndef LIBNET_FOUND
$(error dependency 'libnet' not found; \
	install it or point LIBNET_BASE to base path)
endif
endif

ifdef OPENSSL_FOUND
PKG_CPPFLAGS+=	-I$(OPENSSL_FOUND)/include
PKG_LDFLAGS+=	-L$(OPENSSL_FOUND)/lib
PKG_LIBS+=	-lssl -lcrypto -lz
endif
ifdef LIBEVENT_FOUND
PKG_CPPFLAGS+=	-I$(LIBEVENT_FOUND)/include
PKG_LDFLAGS+=	-L$(LIBEVENT_FOUND)/lib
PKG_LIBS+=	-levent
endif
ifeq (,$(filter libevent_openssl,$(PKGS)))
PKG_LIBS+=	-levent_openssl
endif
ifeq (,$(filter libevent_pthreads,$(PKGS)))
PKG_LIBS+=	-levent_pthreads
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifdef LIBNET_FOUND
PKG_CPPFLAGS+=	-I$(LIBNET_FOUND_INC)
PKG_LDFLAGS+=	-L$(LIBNET_FOUND)/lib
PKG_LIBS+=	-lnet
endif
ifdef LIBPCAP_FOUND
PKG_CPPFLAGS+=	-I$(LIBPCAP_FOUND)/include
PKG_LDFLAGS+=	-L$(LIBPCAP_FOUND)/lib
PKG_LIBS+=	-lpcap
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifdef SQLITE_FOUND
PKG_CPPFLAGS+=	-I$(SQLITE_FOUND)/include
PKG_LDFLAGS+=	-L$(SQLITE_FOUND)/lib
PKG_LIBS+=	-lsqlite3
endif
endif
ifdef CHECK_FOUND
TPKG_CPPFLAGS+=	-I$(CHECK_FOUND)/include
TPKG_LDFLAGS+=	-L$(CHECK_FOUND)/lib
TPKG_LIBS+=	-lcheck
endif

ifneq (,$(strip $(PKGS)))
PKG_CFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(PKGS))
PKG_CPPFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(PKGS))
PKG_LDFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \
		--libs-only-other $(PKGS))
PKG_LIBS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(PKGS))
endif
ifneq (,$(strip $(TPKGS)))
TPKG_CFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(TPKGS))
TPKG_CPPFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(TPKGS))
TPKG_LDFLAGS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \
		--libs-only-other $(TPKGS))
TPKG_LIBS+=	$(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(TPKGS))
endif

CPPDEFS+=	-D_GNU_SOURCE \
		-D"PKGLABEL=\"$(PKGLABEL)\""
CPPCHECKFLAGS+=	$(CPPDEFS)

ifneq (ccc-analyzer,$(notdir $(CC)))
PKG_CPPFLAGS:=	$(subst -I,-isystem,$(PKG_CPPFLAGS))
TPKG_CPPFLAGS:=	$(subst -I,-isystem,$(TPKG_CPPFLAGS))
endif

CFLAGS+=	$(PKG_CFLAGS) \
		-std=c99 -Wall -Wextra -pedantic \
		-D_FORTIFY_SOURCE=2 -fstack-protector-all
CPPFLAGS+=	$(PKG_CPPFLAGS) $(CPPDEFS) $(FEATURES)
TCPPFLAGS+=	$(TPKG_CPPFLAGS)
LDFLAGS+=	$(PKG_LDFLAGS)
LIBS+=		$(PKG_LIBS)

ifneq ($(shell uname),Darwin)
CFLAGS+=	-pthread
LDFLAGS+=	-pthread
endif

# _FORTIFY_SOURCE requires -O on Linux
ifeq (,$(findstring -O,$(CFLAGS)))
CFLAGS+=	-O2
endif

export VERSION
export OPENSSL
export OPENSSL_BASE
export OPENSSL_FOUND
export MKDIR
export WGET

ifndef MAKE_RESTARTS
$(info ------------------------------------------------------------------------------)
$(info $(PKGLABEL) $(VERSION))
$(info ------------------------------------------------------------------------------)
$(info Report bugs at https://github.com/sonertari/SSLproxy/issues/new)
$(info Please supply this header for diagnostics when reporting build issues)
$(info Before reporting bugs, make sure to try the latest develop branch first:)
$(info % git clone -b develop https://github.com/sonertari/SSLproxy.git)
$(info ------------------------------------------------------------------------------)
$(info Via pkg-config: $(strip $(PKGS) $(TPKGS)))
ifdef OPENSSL_FOUND
$(info OPENSSL_BASE:   $(strip $(OPENSSL_FOUND)))
endif
ifdef LIBEVENT_FOUND
$(info LIBEVENT_BASE:  $(strip $(LIBEVENT_FOUND)))
endif
ifdef LIBPCAP_FOUND
$(info LIBPCAP_BASE:   $(strip $(LIBPCAP_FOUND)))
endif
ifdef LIBNET_FOUND
$(info LIBNET_BASE:    $(strip $(LIBNET_FOUND)))
endif
ifdef SQLITE_FOUND
$(info SQLITE_BASE:    $(strip $(SQLITE_FOUND)))
endif
ifdef CHECK_FOUND
$(info CHECK_BASE:     $(strip $(CHECK_FOUND)))
endif
$(info Build options:  $(FEATURES))
$(info Build info:     $(BUILD_INFO))
ifeq ($(shell uname),Darwin)
$(info OSX_VERSION:    $(OSX_VERSION))
$(info XNU_VERSION:    $(XNU_VERSION) ($(XNU_METHOD), have $(XNU_HAVE)))
endif
$(info uname -a:       $(shell uname -a))
$(info ------------------------------------------------------------------------------)
endif
